That's exactly what I was looking for, but didn't find anything.
During those 2 minutes I cannot even ping e.g. 1.1.1.1, there seems to be no network connection.
I toyed a bit around and found out, when I disable "provides_network" the qube acts as expected and establishes an openvpn connection immediately.
Are you guys using debian(-minimal) or why am I the only one with this problem?
Thanks for the patches to get VPNs working under 4.2 like they did under 4.1
I noticed that the GitHub site does not include the needed replacement files if you follow the Quick Setup Guide, resulting in a non-working VPN. I only got it working after I saw this message and realized that there were more steps. Perhaps the Quick Setup Guide could include the steps above.
It's as helpful as you saying that Qubes OS has 0-day vulnerability but you won't say where it is.
I've looked at the patch and I couldn't notice any obvious vulnerability. But I'm not a programmer myself so I could miss something obvious to you.
And if no Qubes OS virtual IPv6 DNS servers are used then the IPv6 DNS from VPN provider won't be used and qubes will use their own IPv6 DNS servers. I saw a pull request from 1choice to add virtual IPv6 DNS support to Qubes OS so I guess that was related to this change. But anyway this was an issue in original Qubes-vpn-support as well since it didn't handle IPv6 DNS at all.
And if no DNS is provided by VPN server then requests to virtual DNS IPs will leak from qubes. But this was an issue in original Qubes-vpn-support as well.
Well, you did your own audit and found a bug, but you won't tell anyone about it so it could be fixed. @barto did a quick audit and found an issue and reported it so now it could be fixed.
I see no reason why you choose to conceal the bug. What kind of audit do you expect for this code? From some known security audit organization?
As I see it the users should check the code to the best of their abilities and report the issue if they found it so it could be fixed.
The point is that my skills are not enough to find the vulnerability that you're talking about.
What if someone else besides you will find the same vulnerability that you're talking about and instead of reporting it will just say the same thing as you "yes, there is a vulnerability but I won't tell you what it is" and the issue will still persist. It's unproductive.
If everyone was acting like this, we would never patch software upstream and a few people would compile from sources with local patch of issues they found. This would be unbearable.
LOL why did you flag my posts about the vulnerability, you think it was a joke? Time to laugh now:
The vulnerability - 1choice added a forwarding rule from vpn to any vm and now anyone from the vpn server can connect to any vm, he also decided not to use the interface name in the rule and replaced it with 9, making it less invisible.
Also note that the default firewall rules in qubes are blocking incoming connections so this will only affect qubes with custom firewall rules that allow incoming connections.